On checking the who.is for the website, we noticed this little detail: "Creation Date: 2009-10-09". Hmm.

Anyway, the site redirects visitors to a site that tells you:It doesn't matter if the user clicks on "OK" or "Cancel"; the site still goes on to display the following image, which mimics a computer scan:

And the grand finale, a prompt to install something:

Rogue AV strikes again. This particular malware site shares an IP address with other known malware sites such as forexbids.cn, norah-jones.cn, watermelonfun.cn, my-pc-scanner7.com and anamericanbeauty.com.

Some of these sites might already be down, but all the same, probably not wise to visit them. These websites are blocked by our Browsing Protection.

—————

Updated to add: A related SEO attack which leads to the same website originates from: